fix(provider): Microsoft Entra ID

[benhovinga]

☕️ Reasoning

This PR resolves several issues with the Microsoft Entra ID provider.

Fix Documentation

Inconsistencies between the use of issuer and tenantId. This implementation of the provider doesn't directly use tenantId however it is used within part of the issuer URI string. This PR clarifies how to use the issuer parameter in both the Provider Docs and API Reference.

Also fixed some inconsistencies between frameworks

Fix MicrosoftEntraIDProfile interface

The MicrosoftEntraIDProfile interface was missing a lot of the claims returned from the provider server. This PR adds all id_token claims.

Fix default issuer

If the environment variable AUTH_MICROSOFT_ENTRA_ID_ISSUER is configured but the issuer parameter is not set, the default issuer overwrites the environment variable. This PR checks if the environment variable is configured first before falling back to the default issuer.

Now the provider "can" be used without any configuration, like this.

import NextAuth from 'next-auth';
import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [MicrosoftEntraID]
});

AUTH_MICROSOFT_ENTRA_ID_ID="<client id>"
AUTH_MICROSOFT_ENTRA_ID_SECRET="<client secret>"
AUTH_MICROSOFT_ENTRA_ID_ISSUER="https://login.microsoftonline.com/<tenant id>/v2.0"

Finish Provider Implementation

Add the provider to the OAuth providers search and the Issues Template providers dropdown.

🧢 Checklist

• Documentation
• Tests
• Ready to be merged

🎫 Affected issues

Fixes: #12314, #12193, #12195
Corrects: #12612

📌 Resources

• Security guidelines
• Contributing guidelines
• Code of conduct
• Contributing to Open Source

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
auth-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Feb 21, 2025 3:20pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
next-auth-docs	⬜️ Ignored (Inspect)	Visit Preview		Feb 21, 2025 3:20pm

[vercel]

@benhovinga is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 381 lines in your changes missing coverage. Please review.

Project coverage is 39.04%. Comparing base (507aadd) to head (1f8bd46).
Report is 6 commits behind head on main.

Files with missing lines	Patch %	Lines
packages/core/src/providers/microsoft-entra-id.ts	0.00%	381 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12616      +/-   ##
==========================================
- Coverage   39.41%   39.04%   -0.38%     
==========================================
  Files         198      198              
  Lines       31294    31644     +350     
  Branches     1376     1378       +2     
==========================================
+ Hits        12334    12354      +20     
- Misses      18960    19290     +330     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.